Figure 1 (block diagram of system 100). Components and reference numerals recoverable from the figure: Data Entry (102); Authoritative Database (104); Server Platforms (106) hosting the Directory (108), the Certificate Authority (110), the Registration Authority (112) and the Web Server (122) with its Registration Web Page (124); a Client Platform (128) running a Web Browser (126) with an attached Token (130), used by the User (132); a Personal Revocation Authority (144); and a Personal Registration Authority (146).



Figure 2 (flowchart of method 200, token enrollment). Start, then:
210 Tokens 130 loaded with unique key wrapping keys.
220 Secret/private key for each token 130 stored in authoritative database 104.
230 User's identity and credentials verified by personal registration authority 146.
240 Personal registration authority 146 signs a request (electronic form) for certificates from the certificate authority 110 with the user ID, token ID, and organizational code.
250 Certificate authority 110 checks for redundant tokens for the user and revokes them.
260 Electronic form is filled in at certificate authority 110 from the user's organizational database.
270 Personal registration authority 146 signs and submits the electronic form after review of the data against credentials.
280 Certificate authority 110 validates the personal registration authority 146 signature.
290 All encryption, signature, and role certificates are generated by the certificate authority 110 and wrapped in the token's public key.
300 Token unwraps the certificates received using its private key.
310 End.



Figure 3 (block diagram of certificate authority 110). Components recoverable from the figure: Key generation registration authority (320); Crypto accelerator (330); Authoritative database (104); Token personalization system (340); Token (130).



Figure 4 (flowchart, lost token). Steps recoverable from the figure:
(numeral illegible) User contacts personal revocation authority 144 or personal registration authority 146 to report loss of the token.
420 Revocation authority 144 or personal registration authority 146 reports the lost token certificate to certificate authority 110, which revokes all certificates assigned to the particular token.
430 End.



Figure 5 (flowchart of method 500, certificate update; reference numerals 510, 520, 530, 550, 560, 570, 580, 590 and 600 appear on the figure). Start, then:
User logs onto certificate authority 110 and requests an update of certificates for his token.
Certificate authority 110 requests the user to demonstrate the signature certificate on the token 130.
Certificate authority 110 accesses authoritative database 104.
Decision (590): on the "Yes" branch, transmit a message indicating no new certificates, then End.
Otherwise: wrap new certificates in the public key of token 130; download the new certificates to token 130; delete old certificates from token 130.
Token 130 activates the certificates using its private key.



